Recent Blog Entries
Another Reason to dis-like DRM Nov. 17 2012
IPsec vs. TLS/SSL (https) May 22 2012
Ron was wrong, Whit is right, really? Feb. 22 2012
I wanted more battery life on my phone... Jan. 15 2012
Bonsai Kitten Dec. 9 2011
In today’s (February 15th, 2009) New York Times there is an article by John Markoff titled “Do we need a new Internet.” It asks this question because today’s Internet is a security mess. So let me take a crack at an answer...
The Internet isn’t the problem. The Internet does just what it is supposed to do, it allows us to route traffic from one place to another as efficiently as possible. It many ways it is just like a highway and road system. Some has posited that the Internet Users are the problem. It is easy to see why one might believe this. People install untrusted software on their computers all the time, they answer “phishing” mail revealing their passwords (and other sensitive information), the list goes on.
Yet, you don’t get to replace the users. People are people and will continue to be so. So what can we do?
The road system gives us some hints.... But let me digress for a second. In my earlier days I took flying lessons (I gave it up for a variety of reasons, not the least of which was the cost, and I was a starving graduate student). To get a pilot’s license you truly have to demonstrate competence. It was interesting to see the contrast with a driver’s license, where quite frankly, you don’t. A driver’s test really only requires a minimum of competence, otherwise too many people would be excluded. Yet, highway accidents and fatalities are at acceptable levels (at least to most people for we don’t see a significant demand for change!). Why is this? Well for one things there are engineering decisions (and regulations that codify them in some cases) built into the road/car ecosystem to make roads safer then they otherwise would be. To go back to flying, impacts that are fatal to a plane are often survivable in a car. Cars have been designed to provide for a safer environment, even when faced with a marginally qualified driving public.
We need to do the same thing to the Internet. And interestingly it isn’t the Internet so much as the computers people use that needs to be changed. Some have called for an “Internet Drivers License.” If you think of that as an identity document, we already have one. It is your password. Yet this is part of the problem, people share their passwords way too much. Imagine for a moment if every person you showed your driver’s license to also received an identical copy that they could then use to impersonate you. You would have the situation we have today with passwords. Every time you use your password you give a copy to someone else (in most cases the server) which can then be compromised.
So what should we do... Well I won’t presume to have all of the answers, but here is a start:
So how do we start...
Copyright © 2009-2012 Jeffrey I. Schiller